Cloud Workload Protection

With Prisma® Cloud you can secure hosts, containers and serverless applications across the full application lifecycle.

Cloud native applications are increasingly distributed across VMs, hosts, containers, Kubernetes® and serverless architectures. Unique security requirements for each make consistent workload protection a challenge.

Read Gartner’s report on Cloud Workload Protection Platforms.

Secure hosts, containers and serverless across hybrid and multi-cloud environments

Prisma Cloud is a comprehensive Cloud Workload Protection solution that delivers flexible protection to secure cloud VMs, containers and Kubernetes apps, serverless functions and containerized offerings like Fargate tasks. With Prisma Cloud, DevOps and cloud infrastructure teams can adopt the architecture that fits their needs without worrying about security keeping pace with release cycles or protecting multifaceted tech stacks.
  • Support for public and private clouds
  • Flexible agentless scanning and agent-based protection
  • Integration across the application lifecycle
  • Vulnerability management
  • Compliance
  • CI/CD security
  • Runtime defense
  • Access control
  • Agentless and agent-based security


Our approach to Cloud Workload Protection

Vulnerability management

Securing cloud native applications requires a comprehensive view into every host, container and serverless function. Prisma Cloud delivers a centralized dashboard to help prioritize risks in real time across public cloud, private cloud and on-premises environments.

  • Manage risk from a single dashboard

    Prioritize risk across host OS, container images and serverless functions with intelligent risk scoring.

  • See vulnerability status with remediation guidance

    View every CVE with details and up-to-date vendor fix information, supporting all cloud native technologies.

  • Alert on or prevent vulnerabilities across environments

    Set precise policies to alert on or prevent vulnerable components from running on your environments.

  • Integrate data with your existing systems

    Integrate vulnerability alerts into common endpoints, including JIRA, Slack, PagerDuty, Splunk, Cortex XSOAR, ServiceNow and more.


Compliance

Cloud native applications require purpose-built controls to gain visibility into compliance posture and maintain compliance for dynamic, ephemeral infrastructures. Prisma Cloud delivers real-time and historical views into compliance status for hosts, containers and serverless functions.

  • Achieve compliance from a single solution

    Centrally monitor compliance posture with a single dashboard that covers hosts, containers and serverless functions as well as Kubernetes and Istio™.

  • Use 400+ customizable checks for cloud native applications

    Cover leading frameworks, including PCI DSS, HIPAA, GDPR and NIST SP 800-190, with pre-built compliance templates.

  • Leverage CIS Benchmarks

    Implement or customize checks based on CIS Benchmarks, with approved coverage for the AWS®, Docker®, Kubernetes and Linux CIS Benchmarks.

  • Ensure image trust

    Use trusted images to ensure that application components only originate from authorized sources.

  • Integrate compliance across the application lifecycle

    Add compliance checks as part of the full application lifecycle, to alert on or prevent misconfigurations in your applications from reaching production.

CI/CD security

To secure cloud native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardening checks into the CI/CD workflow.

  • Support all your application components

    Scan Git repositories, container images, AMIs and serverless functions.

  • Integrate with DevOps workflows

    Integrate with any continuous integration (CI) solution, such as Jenkins, CircleCI, AWS CodeBuild, Azure DevOps, Google Cloud Build and more.

  • Prioritize risk from central dashboards

    View vulnerability information, compliance results and vendor fix information across build, deploy and run.

  • Surface scan results in developer tooling and central dashboards

    View scan results and details both at their source and with an aggregated view.

  • Enforce security policies to prevent builds from moving forward in pipelines

    Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

Runtime defense

Cloud native applications scale dynamically, requiring a modern, automated approach to protection that shields applications from unwanted activity and threats. With Prisma Cloud, ensure hosts, containers and serverless applications are secure – whether you’re running on public clouds, private clouds or on-premises.

  • Unify protection with a single agent

    Secure them all from a single solution – Prisma Cloud supports Linux and Windows hosts, containers and Kubernetes, as well as emerging technologies like PaaS and serverless.

  • Automate security without needless manual effort

    Automate baseline policies across process, file system and network activity to achieve security at enterprise scale.

  • Capture detailed forensics of every audit or security incident

    Automatically and securely gather forensics details in a powerful timeline view to enable incident response. You can view data in Prisma Cloud or send it to other systems for deeper analysis.

  • Prevent activity across any environment

    Manage runtime policies all from a centralized console to ensure security is always present as part of every deployment.

  • Enable your SOC teams with context-rich data

    Mapping of incidents to the MITRE ATT&CK framework, along with detailed forensics and rich metadata, eliminates the challenges SOC teams face in identifying and tracking threats for ephemeral cloud-native workloads.

Access control

Modern applications need deep, integrated security to protect the entire application stack. With Prisma Cloud, organizations can leverage security optimized for cloud native architectures.

  • Gain control over Docker activities

    Manage rules governing Docker configurations, containers, images, nodes, plugins, services and more to ensure your environment runs as you choose.

  • Manage secrets for your containers

    Take advantage of integration with secrets management tools, like CyberArk and HashiCorp, to ensure your secrets are properly managed and secured.

  • Capture Kubernetes audits

    Deploy security purpose-built for cloud native tech stacks. Prisma Cloud ingests Kubernetes audit data and surfaces rules to identify events to alert on.

  • Secure deployments with Open Policy Agent

    Craft rules in Rego policy language to gain control over every deployment.

  • View audit results in a single dashboard

    Surface all audit alerts and activities in a single pane of glass for analysis.

Flexible control

Cloud workloads and apps constantly evolve. Organizations need agile, integrated controls to ensure the entire stack is protected. Only Prisma Cloud offers the flexibility to use agentless and agent-based protections to suit your needs.

  • Agentless scanning for easy visibility

    Gain rapid visibility without deploying preventative or blocking capabilities. Agentless scanning provides quick assessments of risk, including known CVEs, misconfigurations, and other security issues.

  • Agent-based protection for deep insight

    A unified agent framework supports defense-in-depth to secure cloud native apps. Agent-based protection provides deep forensic visibility and preventative policies to block and stop suspicious activity.

  • One dashboard and one policy engine for both approaches

    Prisma Cloud is the industry's only solution to offer both agentless and agent-based security, all managed from a single location.

Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Workload Protection modules

Host Security

Secure virtual machines (VMs) on any public or private cloud.

Container Security

Secure Kubernetes and other container platforms on any public or private cloud.

Serverless Security

Secure serverless functions across the full application lifecycle.

Web Application & API Security

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.